'.aqva File Extension' Ransomware

The '.aqva File Extension' Ransomware Trojan is an encryption ransomware Trojan that was first observed on February 20, 2019. The '.aqva File Extension' Ransomware is a hybrid of Dharma and the Crysis Ransomware. This family of ransomware Trojans, which combines elements of both high profile ransomware families, has been responsible for a large number of infections since late 2018. The '.aqva File Extension' Ransomware, like its predecessors, carries out a typical encryption ransomware attack, making the user's files inaccessible and then demanding a ransom payment from the victim in exchange for the decryption key needed to restore the lost data.

The '.aqva File Extension' Ransomware will Make Your Files Unusable

Typically, the '.aqva File Extension' Ransomware is distributed in the form of corrupted file attachments contained in spam email messages. Once the '.aqva File Extension' Ransomware has been installed onto the victim's computer, the '.aqva File Extension' Ransomware will use a strong encryption algorithm to make the victim's files inaccessible. Threats like the '.aqva File Extension' Ransomware target the user-generated files, ignoring the Windows system files and similar data. The '.aqva File Extension' Ransomware targets numerous file types in its attack, which include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '.aqva File Extension' Ransomware attack marks the targeted files with the file extension '.aqva,' added to each affected file's name. The '.aqva File Extension' Ransomware also will delete the Shadow Volume snapshots of each affected file, as well as the System Restore points, with the purpose of preventing the victims from using these alternate methods to restore the data lost due to the '.aqva File Extension' Ransomware attack.

The '.aqva File Extension' Ransomware's Ransom Demands

Once the '.aqva File Extension' Ransomware Trojan has encrypted the victim's files, it will demand a ransom. To do this, the '.aqva File Extension' Ransomware drops its ransom note in the form of a text file named 'FILES ENCRYPTED.tx,' which is dropped on the infected computer's desktop. The '.aqva File Extension' Ransomware ransom note reads as follows:

'All your data has been locked us You want to return? write email crypted_files@qq.com.'

Computer users are instructed by the experts to ignore this ransom message and refrain from contacting the criminals via email. Rather, computer users should instead restore any compromised files from a backup copy. This is why having file backups stored in a safe location (such as the cloud or another external device) is the best protection computer users can have against threats like the '.aqva File Extension' Ransomware, which relies on the victims not being able to restore their data once it has been encrypted. This, coupled with a security program, is the best protection against these threats.